First published: Thu Sep 09 2010
As of the 1.2 release, the core Django framework includes a system, enabled by default, for detecting and preventing cross-site request forgery (CSRF) attacks against Django-powered applications. Previous Django releases provided a different, optionally-enabled system for the same purpose.

The Django 1.2 CSRF protection system involves the generation of a random token, inserted as a hidden field in outgoing forms. The same value is also set in a cookie, and the cookie value and form value are compared on submission. The provided template tag for inserting the CSRF token into forms, `{% csrf_token %}`, explicitly trusts the cookie value and displays it as-is. Thus, an attacker who is able to tamper with the value of the CSRF cookie can cause arbitrary content to be inserted, unescaped, into the outgoing HTML of the form, enabling cross-site scripting (XSS) attacks.

This issue was first reported via a public ticket in Django's Trac instance; while being triaged it was then independently reported, with a broader description, by Jeff Balogh of Mozilla. Reference: http://www.djangoproject.com/weblog/2010/sep/08/security-release/
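The following is an added example, not Django's own code and not the project's actual fix. It contrasts the pattern the advisory describes (a hidden-field renderer that interpolates the cookie value as-is) with a hardened renderer that validates the token against a strict alphabet before it can reach the HTML, and escapes it as defence in depth. The token length and alphabet are assumptions for this example; `contains_injected_markup` is a hypothetical check a reviewer or test suite could use to detect the injection.

```python
"""Added example (not Django's code): why rendering a trusted CSRF cookie
value unescaped is an XSS sink, and how validation plus escaping closes it."""
import html
import re
import secrets
from typing import Optional

# Assumption for this example: a well-formed token is exactly 32
# alphanumeric characters. Django's own rules may differ.
TOKEN_ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
TOKEN_RE = re.compile(r"^[A-Za-z0-9]{32}$")


def new_csrf_token() -> str:
    """Generate a fresh random token drawn from TOKEN_ALPHABET."""
    return "".join(secrets.choice(TOKEN_ALPHABET) for _ in range(32))


def render_csrf_field_vulnerable(cookie_value: str) -> str:
    """The pattern described in the advisory: the cookie value is trusted
    and placed into the hidden field as-is, with no validation or escaping."""
    return ("<input type='hidden' name='csrfmiddlewaretoken' value='%s' />"
            % cookie_value)


def sanitize_csrf_token(cookie_value: Optional[str]) -> str:
    """Accept only a well-formed token; any other value (missing, tampered,
    wrong length, non-alphanumeric) is replaced by a freshly generated one,
    so attacker-controlled bytes never reach the template."""
    if cookie_value is not None and TOKEN_RE.match(cookie_value):
        return cookie_value
    return new_csrf_token()


def render_csrf_field_hardened(cookie_value: Optional[str]) -> str:
    """Validate first, then HTML-escape the value as defence in depth."""
    token = sanitize_csrf_token(cookie_value)
    return ("<input type='hidden' name='csrfmiddlewaretoken' value='%s' />"
            % html.escape(token, quote=True))


def contains_injected_markup(rendered: str) -> bool:
    """Hypothetical detection check: a rendered CSRF field should contain
    exactly one tag. Any extra '<' means the token carried markup."""
    return rendered.count("<") != 1


if __name__ == "__main__":
    # Constructed tampered cookie value: it closes the value attribute and
    # injects a new element. A benign tag is used to show the markup break.
    tampered = "'><b>injected</b><input value='"
    print("vulnerable:", render_csrf_field_vulnerable(tampered))
    print("hardened:  ", render_csrf_field_hardened(tampered))
```

The key design point is that the hardened path never tries to "clean" a bad cookie value; it discards it and issues a new token, so the only thing that can appear in the form is a string the server itself generated. Escaping is kept as a second layer in case the validation rule is ever loosened.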
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Django | >1.2 | |
The severity of REDHAT-BUG-632239 is considered high due to the potential for cross-site request forgery (CSRF) attacks against vulnerable Django applications.
To fix REDHAT-BUG-632239, upgrade to the most recent version of Django that includes enhanced CSRF protection features.
REDHAT-BUG-632239 affects all versions of Django prior to 1.2.
Cross-site request forgery (CSRF) is a type of attack that tricks the user into executing unwanted actions on a different site where they are authenticated.
Yes, CSRF protection is enabled by default in Django version 1.2 and later, addressing the vulnerability described in REDHAT-BUG-632239.